digital forensics

Finding Metasploit’s Meterpreter Traces With Memory Forensics

by Oleg Skulkin & Igor Mikhaylov Metasploit Framework is not only very popular among pentesters, but is also quite often used by real adversaries. So why is memory forensics important here? Because Meterpreter, for example – an advanced, dynamically extensible

2018 Nuix Insider Conference Recap

by Jessica Lyford Close to 300 customers, partners, and guests converged at the Royal Lancaster London for Nuix’s annual Insider Conference last week to share their experience using Nuix or to learn something new to address their data, cybersecurity, risk,

Jailbreaking iOS 11 And All Versions Of iOS 10

by Oleg Afonin, Mobile Product Specialist at ElcomSoft Jailbreaking iOS is becoming increasingly difficult, especially considering the amounts of money Apple and independent bug hunters are paying for discovered vulnerabilities that could lead to a working exploit. Late last year,

Forensic Analysis of Damaged SQLite Databases

by Oleg Skulkin & Igor Mikhaylov SQLite databases are very common sources of forensic artifacts nowadays. A lot of mobile applications store data in such databases: you can also find them on desktop computers and laptops as well as, for

Forensic Acquisition Of Solid State Drives With Open Source Tools

by Josué Ferreira Abstract From a judicial perspective, the integrity of volatile storage devices has always been a reason for great concern and therefore, it is important for a method to forensically acquire data from Solid State Drives (SSD) to

Oxygen Drone Forensics – How To Deal With A New Threat

It was not too long ago when drones were discussed we would often think of military use or large commercial type applications. However, today drones are now in the hands of hobbyists who frequently use the devices for taking aerial

Evidence Acquisition Using Accessdata FTK Imager

by Chirath De Alwis Forensic Toolkit or FTK is a computer forensics software product made by AccessData. This is a Windows based commercial product. For forensic investigations, the same development team has created a free version of the commercial product

Memory Dump Formats

by Chirath De Alwis As in other storage devices, volatile memory also has several formats. According to the acquisition method that is in use, the captured file format can be vary. According to (Ligh et al, 2018) the most commonly

Detection Of Backdating The System Clock In MacOS

by Oleg Skulkin & Igor Mikhaylov Recently we received a good question from one of our DFIR mates: “How can one detect backdating of the system clock forensicating macOS?”. This is a really good question, at least for us, so

Charlatans In Digital Forensics

by James Zjalic There’s a topic that is rarely publicized in the world of digital forensics, but is well known to those within the field and stories are often traded between experts when they meet at conferences and conventions. That

ISO 17025 For Digital Forensics – Yay Or Nay

by Robert Merriott “Much of the digital forensic community desires to have their evidence seen in court as forensically sound and bulletproof, yet do not want to go through the rigors that other traditional forensic sciences have done to prevent

Job Hunting In The DFIR Field

by Jessica Hyde, Magnet Forensics For those who don’t know, in addition to my work at Magnet Forensics, I teach Mobile Device Forensics at George Mason University. In addition to teaching the skills necessary to acquire and parse data from